Comments (11)
Wow, gotta love Muscl... Can you test [master 7076943] please? Thanks!
from singularity.
:P that the most different distrib from CentOS that I have tested...
We are making progress, bootstrap is failing on grsec issue:
I: Extracting zlib1g...
W: Failure trying to run: chroot /mnt mount -t proc proc /proc
W: See /mnt/debootstrap/debootstrap.log for details
RFE: maybe we can keep the debootstrap.log in case of failure in some mktemp -d place: that would help debugging :)
dmesg:
[29028.432281] grsec: From 192.168.122.1: denied mount of proc as /mnt/proc from chroot by /mnt/bin/mount[mount:20498] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/debootstrap[debootstrap:16723] uid/euid:0/0 gid/egid:0/0
we need some grsec expert here!
from singularity.
bootstrap requirements:
systctl -w kernel.grsecurity.chroot_deny_chmod=0
systctl -w kernel.grsecurity.chroot_deny_mount=0
systctl -w sysctl -w kernel.grsecurity.chroot_caps=0
I am now hitting a InstallPkg issue (plain example/debian.def):
...
I: Base system installed successfully.
Reading package lists...
Building dependency tree...
The following extra packages will be installed:
libgpm2 vim-runtime
Suggested packages:
gpm ctags vim-doc vim-scripts
The following NEW packages will be installed:
libgpm2 vim vim-runtime
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/6034 kB of archives.
After this operation, 28.5 MB of additional disk space will be used.
E: Can not write log (Is /dev/pts mounted?) - posix_openpt (2: No such file or directory)
Selecting previously unselected package libgpm2:amd64.
(Reading database ... 9747 files and directories currently installed.)
Preparing to unpack .../libgpm2_1.20.4-6.1+b2_amd64.deb ...
Unpacking libgpm2:amd64 (1.20.4-6.1+b2) ...
Selecting previously unselected package vim-runtime.
Preparing to unpack .../vim-runtime_2%3a7.4.488-7_all.deb ...
Leaving 'diversion of /usr/share/vim/vim74/doc/help.txt to /usr/share/vim/vim74/doc/help.txt.vim-tiny by vim-runtime'
Leaving 'diversion of /usr/share/vim/vim74/doc/tags to /usr/share/vim/vim74/doc/tags.vim-tiny by vim-runtime'
Unpacking vim-runtime (2:7.4.488-7) ...
Selecting previously unselected package vim.
Preparing to unpack .../vim_2%3a7.4.488-7_amd64.deb ...
Unpacking vim (2:7.4.488-7) ...
Processing triggers for man-db (2.7.0.2-5) ...
Setting up libgpm2:amd64 (1.20.4-6.1+b2) ...
Setting up vim-runtime (2:7.4.488-7) ...
Processing /usr/share/vim/addons/doc
Setting up vim (2:7.4.488-7) ...
Processing triggers for libc-bin (2.19-18+deb8u4) ...
-> cpu jumps to 100% and everythin is stuck on my kvm alpine guest
from singularity.
when I comment out the vim installation in the debian.def, the bootstrap completes without error
#InstallPkgs vim
from singularity.
I tried a plain debootstrap from alpine then chroot + apt-get install vim -> no error
from singularity.
singularity bootstrap completes when using the base container.. maybe something went wrong previously. I am erasing and retrying from scratch.
from singularity.
ok, no issue from a clean container.img
from singularity.
alpine:/singularity$ sudo singularity bootstrap a.img examples/debian.def/singularity$ sudo singularity shell -w a.img
alpine:
WARNING: Non existant bind container destination path: '�t'
WARNING: Non existant bind container destination path: '�t'
WARNING: Non existant bind container destination path: '�t'
WARNING: Non existant bind container destination path: '�t'
WARNING: Non existant bind container destination path: '�t'
WARNING: Non existant bind container destination path: '�t'
ABORT: Could not fchdir to cwd: Operation not permitted
alpine:~/singularity$ pwd
Jun 8 09:43:52 alpine kern.alert kernel: [ 3348.626911] grsec: From 192.168.122.1: denied fchdir outside of chroot to /home/tru/singularity by /usr/local/libexec/singularity/sexec[sexec:16649] uid/euid:2765/2765 gid/egid:2765/2765, parent /usr/local/libexec/singularity
alpine:$ sudo sysctl -w kernel.grsecurity.chroot_deny_fchdir=0/singularity$ singularity shell a.img
alpine:
WARNING: Non existant bind container destination path: 'rs'
WARNING: Non existant bind container destination path: 'rs'
WARNING: Non existant bind container destination path: 'rs'
WARNING: Non existant bind container destination path: 'rs'
WARNING: Non existant bind container destination path: 'rs'
WARNING: Non existant bind container destination path: 'rs'
Singularity/a.img> df
Filesystem 1K-blocks Used Available Use% Mounted on
singularity 999320 275420 671472 30% /
from singularity.
Are you using the most recent master branch?
I made a bunch of changes to the bind code and now using a configuration file. I wonder if my code has an issue there.
Also aside from the <<< issues that you identified, are there any other changes you have that will need committing? Will you send me a PR?
Sent from my iPhone
On Jun 8, 2016, at 2:47 AM, Tru Huynh [email protected] wrote:
alpine:
/singularity$ sudo singularity bootstrap a.img examples/debian.def/singularity$ sudo singularity shell -w a.img
alpine:
WARNING: Non existant bind container destination path: '�t'
WARNING: Non existant bind container destination path: '�t'
WARNING: Non existant bind container destination path: '�t'
WARNING: Non existant bind container destination path: '�t'
WARNING: Non existant bind container destination path: '�t'
WARNING: Non existant bind container destination path: '�t'
ABORT: Could not fchdir to cwd: Operation not permitted
alpine:~/singularity$ pwd
Jun 8 09:43:52 alpine kern.alert kernel: [ 3348.626911] grsec: From 192.168.122.1: denied fchdir outside of chroot to /home/tru/singularity by /usr/local/libexec/singularity/sexec[sexec:16649] uid/euid:2765/2765 gid/egid:2765/2765, parent /usr/local/libexec/singularityalpine:
$ sudo sysctl -w kernel.grsecurity.chroot_deny_fchdir=0/singularity$ singularity shell a.img
alpine:
WARNING: Non existant bind container destination path: 'rs'
WARNING: Non existant bind container destination path: 'rs'
WARNING: Non existant bind container destination path: 'rs'
WARNING: Non existant bind container destination path: 'rs'
WARNING: Non existant bind container destination path: 'rs'
WARNING: Non existant bind container destination path: 'rs'
Singularity/a.img> df
Filesystem 1K-blocks Used Available Use% Mounted on
singularity 999320 275420 671472 30% /—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or mute the thread.
from singularity.
@truatpasteurdotfr is this still an issue on master?
Thanks!
from singularity.
the arch logic works 👍
from singularity.
Related Issues (20)
- container creation failed: mount hook function failure: mount /proc/self/fd/3->/var/lib/apptainer/mnt/session/rootfs error: while mounting image /proc/self/fd/3: squashfuse_ll exited with status 255: Something went wrong trying to read the squashfs image HOT 1
- FATAL: container creation failed: mount ERROR: while mounting image: no loop devices available HOT 1
- Failed to create mount namespace: mount namespace requires privileges, check Singularity installation : exit status 1 HOT 1
- OpenCL unavailable in Singularity with custom CUDA installation path and additional opencl related libraries from linux repository HOT 1
- Error in running def file during rpm installation HOT 1
- Singularity pull error: FATAL: While getting image info: error decoding image: invalid ObjectId in JSON HOT 1
- Singularity fails to build image on disk with sufficient space HOT 1
- Failed to invoke the specified Python 3 path HOT 1
- How do you authenticate to the Github container registry HOT 1
- manifest unknown HOT 1
- Runtime comparing to VM google cloud HOT 1
- [Usage] How to pass an inline argument for singularity shell call? HOT 1
- Singularity crashes when running heudiconv fmri data conversion HOT 1
- ERROR : Failed invoking the NEWUSER namespace runtime: Invalid argument ABORT : Retval = 255 HOT 1
- singularity-3.8.7/scripts/go-generate: Permission denied HOT 1
- apply_privileges Requesting capability set while permitted capability set is HOT 1
- Couldn't always determine user account information in slurm HOT 1
- Unknown image format/type HOT 1
- Unknown image format/type HOT 1
- delete sandbox HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from singularity.